ErrImagePull when pulling from azr registry

I am trying to run Kubernetes using minikube. I have some Docker images in an Azure container registry.

I created a secret like this:

kubectl create secret docker-registry private-repo-secret --docker-server=myregistry.azurecr.io --docker-username=myusername --docker-password=mypassword --docker-email=myemail@mydomain.com

I can see that it is there:

$ kubectl get secret         
NAME                  TYPE                                  DATA      AGE
default-token-x5xxh   kubernetes.io/service-account-token   3         17m
private-repo-secret   kubernetes.io/dockercfg               1         4m

In my pod:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: frontend
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
      - name: frontend
        image: myregistry.azurecr.io/myproject/frontend:0.0.5
      imagePullSecrets:
        - name: private-repo-secret

So why am I getting ErrImagePull saying that authentication is required?

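Edit: These credentials are correct; they work locally. I used one of the 2 passwords obtained from az acr credential show -n myregistry. The only difference is that in my local JSON I only have the auth property, not username, password and email.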

If I describe one of my pods, I get:

Warning  Failed                 5m (x4 over 6m)   kubelet, ip-172-20-49-180.eu-central-1.compute.internal  Failed to pull image "myregistry.azurecr.io/myproject/frontend:0.0.5": rpc error: code = Unknown desc = Error response from daemon: Get https://myregistry.azurecr.io/v2/myproject/frontend/manifests/0.0.5: unauthorized: authentication required
  Normal   BackOff                5m (x6 over 6m)   kubelet, ip-172-20-49-180.eu-central-1.compute.internal  Back-off pulling image "myregistry.azurecr.io/myproject/frontend:0.0.5"
  Warning  FailedSync             1m (x25 over 6m)  kubelet, ip-172-20-49-180.eu-central-1.compute.internal  Error syncing pod

kubectl version:

Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.0", GitCommit:"925c127ec6b946659ad0fd596fa959be43f0cc05", GitTreeState:"clean", BuildDate:"2017-12-15T21:07:38Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.6", GitCommit:"6260bb08c46c31eea6cb538b34a9ceb3e406689c", GitTreeState:"clean", BuildDate:"2017-12-21T06:23:29Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

4 Answers

  • 0

    Well, this looks correct; the only problem could be a wrong user\password, a wrong ACR name or something else. You can check these values with:

    kubectl get secrets/private-repo-secret -o yaml
    echo "string from data/.dockerconfigjson" | base64 --decode
    

    Or you can simply delete them and create them from scratch.
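
The check suggested in the answer above (decode the secret and inspect it), written out as an added Python example that is not part of the original answers. It takes the JSON from `kubectl get secret private-repo-secret -o json` and reports whether the secret holds usable credentials for the registry host of the image, for both the legacy `kubernetes.io/dockercfg` layout and the `kubernetes.io/dockerconfigjson` layout, without printing the password. The function names and sample values are assumptions for illustration, and matching is by host only, which is simpler than the kubelet's own matching.

```python
import base64
import json

def b64(text):
    return base64.b64encode(text.encode()).decode()

def registry_host(image):
    """Registry host of an image reference (Docker Hub when none is given)."""
    first, slash, _ = image.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first
    return "index.docker.io"

def check_pull_secret(secret, image):
    """Problems in a pull secret (dict from `kubectl get secret -o json`) for image."""
    kind, data = secret.get("type"), secret.get("data", {})
    if kind == "kubernetes.io/dockerconfigjson":
        auths = json.loads(base64.b64decode(data[".dockerconfigjson"])).get("auths", {})
    elif kind == "kubernetes.io/dockercfg":
        # Legacy format: the registry map is the top-level JSON object.
        auths = json.loads(base64.b64decode(data[".dockercfg"]))
    else:
        return [f"type {kind!r} is not an image pull secret"]
    # Keys may be bare hosts or URLs such as https://index.docker.io/v1/
    entries = {k.split("://", 1)[-1].split("/", 1)[0]: v for k, v in auths.items()}
    want = registry_host(image)
    if want not in entries:
        return [f"no credentials for {want}; secret covers {sorted(entries)}"]
    entry = entries[want]
    if "auth" not in entry:
        ok = entry.get("username") and entry.get("password")
        return [] if ok else ["entry has neither auth nor username/password"]
    user, sep, pw = base64.b64decode(entry["auth"]).decode().partition(":")
    if not (sep and user and pw):
        return ["auth does not decode to user:password"]
    if entry.get("username", user) != user or entry.get("password", pw) != pw:
        return ["auth disagrees with the username/password fields"]
    return []

# Constructed sample secrets; every value below is a placeholder, not real data.
IMAGE = "myregistry.azurecr.io/myproject/frontend:0.0.5"
LEGACY = {"type": "kubernetes.io/dockercfg", "data": {".dockercfg": b64(json.dumps(
    {"myregistry.azurecr.io": {"username": "myusername", "password": "mypassword",
                               "auth": b64("myusername:mypassword")}}))}}
HUB_ONLY = {"type": "kubernetes.io/dockerconfigjson", "data": {".dockerconfigjson": b64(
    json.dumps({"auths": {"https://index.docker.io/v1/": {"auth": b64("u:p")}}}))}}

if __name__ == "__main__":
    print([check_pull_secret(s, IMAGE) for s in (LEGACY, HUB_ONLY)])
```
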

  • 0

    I solved it by creating a secret from this YAML file:

    apiVersion: v1  
    kind: Secret    
    metadata:   
      name: private-repo-secret 
    data:   
      .dockerconfigjson: <~/.docker/config.json encoded base64> 
    type: kubernetes.io/dockerconfigjson
    
  • 2

    First, log in to the Docker registry using the following command.

    $ docker login DOCKER_REGISTRY_SERVER --username=DOCKER_USER --password=DOCKER_PASSWORD --email=DOCKER_EMAIL
    

    This will generate a config file.

    $ ls -la ~/.docker/config.json
    /home/shahriar/.docker/config.json
    

    Now, create the secret using this command.

    kubectl create secret generic my-secret-name --type=kubernetes.io/dockerconfigjson --from-file .dockerconfigjson=/home/shahriar/.docker/config.json
    

    Your secret will look like this:

    apiVersion: v1
    data:
      .dockerconfigjson: ewoJImF1dGh...l9Cn0=
    kind: Secret
    metadata:
      creationTimestamp: 2018-02-17T10:06:56Z
      name: my-secret-name
      namespace: default
      resourceVersion: "269"
      selfLink: /api/v1/namespaces/default/secrets/my-secret-name
      uid: 48f9f398-13ca-11e8-89c4-0800276cd577
    type: kubernetes.io/dockerconfigjson
    

    And .dockerconfigjson will look like this:

    {
        "auths": {
            "https://index.docker.io/v1/": {
                "auth": "YWVyb2tp..XRlMDMzIw=="
            }
        },
        "HttpHeaders": {
            "User-Agent": "Docker-Client/17.11.0-ce (linux)"
        }
    }
    
  • 0

    You can create the secret:

    kubectl create secret docker-registry YOUR_SECRET_NAME --docker-server=REGISTRY_LOGIN_SERVER --docker-username=USERNAME --docker-password=PASSWORD --docker-email=VALID_EMAIL
    

    You can check the USERNAME and PASSWORD of the Docker registry with this command:

    az acr credential show --name YOUR_REGISTRY_NAME
    

    Then reference the created secret name in the Kubernetes resource spec. For example:

    apiVersion: apps/v1beta1
    kind: Deployment
    metadata:
      name: some_deployment
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: some_deployment
        spec:
          containers:
          - name: some_image
            image: REGISTRY_NAME.azurecr.io/repository:tag
            # ...
          # imagePullSecrets is a pod-level field, a sibling of containers
          imagePullSecrets:
          - name: YOUR_SECRET_NAME
    
